Advice Request DNS: blocking ads - Adguard or OpenDNS


Tiamati

Level 12
Thread author
Verified
Top Poster
Well-known
Nov 8, 2016
574
NextDNS is free by default up to 300k queries/month. After that, filtering is disabled but DNS still works. A normal user doesn't hit that number.

Neither DDNS nor their app is needed. Mainstream browsers and both Android and iPhone support encrypted DNS natively, which also doesn't need DDNS.
DDNS is only needed if you want to use NextDNS on e.g. your PC or router without their software, without encrypted DNS and with a random ISP IP every 24 hours. For most if not all normal users this isn't the case, as nobody uses this configuration.

The easiest way is using their encrypted DNS with DoT or DoH. This works natively and without a program/app, depending on the OS used.
Indeed, 300k is a good amount of queries.

If I fully understand the NextDNS service, you need to link your queries to your account somehow. There are 2 ways to do it:

1) Link your IP. That's OK if you have a static IP. But with a dynamic IP you have to use DDNS to keep your IP working properly with NextDNS. Otherwise you need to link it manually every time your IP changes.

2) Using their app: I don't like this alternative because it causes an inconvenient problem. It creates a dedicated VPN on Android. And for some reason, every time I deal with apps that do this, I receive a random white screen when I start browsing saying that my network has changed. I've already tried a few fixes to solve this but I couldn't find any solution. I've noticed this problem with the NextDNS app, Blokada, AdGuard, WARP (from Cloudflare). That's the main reason I'm looking for a DNS to block ads and not a dedicated app.


Why no dedicated app? I highly recommend RethinkDNS (formerly BraveDNS). It is a firewall and DNS in one, like AdGuard, but open source. If you load the app from the website, you can add custom filter rules from any source. Give it a try. See more on RethinkDNS

As well, you can use any other app like PersonalDNSFilter, Blokada, Nebulo, DNS66... Get your phone under your control

I never heard about Rethink. I'll take a look and give you feedback.

I've tried Blokada and AdGuard but they create the problem I've mentioned above. I think it's related to the VPN created to filter queries. But I really don't know.

Check out Blokada, great for ad blocking, and you have a lot of DNS servers to choose from.

/W

Same reason I mentioned above.
Because it's not needed with Android 9+ or an up-to-date iOS.
Apps only increase the attack surface and also use a local VPN simulation, so you can't use a VPN anymore if needed.
The VPN simulation is the problem...
 
ForgottenSeer 85179

If I fully understand the NextDNS service, you need to link your queries to your account somehow. There are 2 ways to do it:
As I already posted, you can use DoT or DoH directly in your OS/program/app without any extra step.
I use it directly in Edge, in my FritzBox router and directly in Android. All without any extra software or IP linking.

See also my guide: Tutorial - NextDNS: a DoH/ DoT guide | MalwareTips Community
 

Tiamati

As I already posted, you can use DoT or DoH directly in your OS/program/app without any extra step.
I use it directly in Edge, in my FritzBox router and directly in Android. All without any extra software or IP linking.

See also my guide: Tutorial - NextDNS: a DoH/ DoT guide | MalwareTips Community
I didn't realize that DoT and DoH were already linked! Unfortunately, my router doesn't accept any of them (as far as I know). But I'll add DoT to my Android private DNS and my desktop Edge. That will solve the problem with the app at the same time it will block ads, and still have a good latency and privacy 👏 👏 👏

Do you know how I can test if DoT and DoH are working with NextDNS?

BTW, does someone have a solution to the ERR_NETWORK_CHANGED problem I mentioned earlier?
 

ForgottenSeer 85179

In fact, their route is not optimized. The secondary DNS latency is 1/8 of the primary. I would run their diagnostic tool... but I checked VirusTotal and...
False positives. I ran the tool yesterday, and Defender with ConfigureDefender on HIGH with other restrictions like SRP doesn't alert on anything. Not even CFA, which is very aggressive.

Edit: which link did you test? 'Cause I got this:
VirusTotal

Edit2: You use the binary from Release diag-v1.0.12 · nextdns/diag (github.com), but even both diag_1.0.12_windows_386.exe & diag_1.0.12_windows_amd64.exe are clean.

Edit3: I also see that your VirusTotal result only displays 21 tested AVs, while more than 80 are available, as you can see on my screens.

Tiamati

Edit: which link did you test? 'Cause I got this:
I tested this program (nextdns.io) (from Report network latency issue - Troubleshooting - NextDNS Help Center)

Edit2: You use the binary from Release diag-v1.0.12 · nextdns/diag (github.com), but even both diag_1.0.12_windows_386.exe & diag_1.0.12_windows_amd64.exe are clean.
I've downloaded both now. The 32-bit got the same result. The 64-bit got 4 detections.

VirusTotal *32 - 19 detections
VirusTotal *64 - 4 detections

Edit3: I also see that your VirusTotal result only displays 21 tested AVs, while more than 80 are available, as you can see on my screens.
You are testing the URL. I tested the exe file itself.
 

9724anon7537

Level 2
Verified
Jun 12, 2018
65
Blokada, I suspect, covertly collects metrics.

Route blocklist downloads over their mirrors (that are on Cloudflare).

Generate unique installation ID and send it (along with the phone model) to their servers every time you click on a link (and there are plenty) that opens in the app's webview.

Track visits by redirecting every single link over rebrand.ly (via go.blokada.org) which is a URL shortening service masquerading as an analytics tracker.

I've reported these issues to them. Let's see if they fix these.


personalDNSfilter seems to be a decent alternative; it works on Windows/Linux as well.

n8chavez

Level 16
Well-known
Feb 26, 2021
785
I recommend NextDNS :)

Wow!!! This is cool. I think I just solved how to get the adblocking features of AdGuard without using the one VPN slot on Android, so that way I can use another VPN. Sweet!! This has been bothering me for so long. And sure enough, according to the logs and analytics, NextDNS is blocking things.
 